Kubernetes integration with OpenStack networking
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

default_security_groups.py 3.5KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990
  1. # Copyright (c) 2016 Mirantis, Inc.
  2. # All Rights Reserved.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  5. # not use this file except in compliance with the License. You may obtain
  6. # a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13. # License for the specific language governing permissions and limitations
  14. # under the License.
  15. from oslo_config import cfg
  16. from oslo_log import log as logging
  17. from kuryr_kubernetes import config
  18. from kuryr_kubernetes.controller.drivers import base
  19. LOG = logging.getLogger(__name__)
  20. class DefaultPodSecurityGroupsDriver(base.PodSecurityGroupsDriver):
  21. """Provides security groups for Pod based on a configuration option."""
  22. def get_security_groups(self, pod, project_id):
  23. sg_list = config.CONF.neutron_defaults.pod_security_groups
  24. if not sg_list:
  25. # NOTE(ivc): this option is only required for
  26. # Default{Pod,Service}SecurityGroupsDriver and its subclasses,
  27. # but it may be optional for other drivers (e.g. when each
  28. # namespace has own set of security groups)
  29. raise cfg.RequiredOptError('pod_security_groups',
  30. cfg.OptGroup('neutron_defaults'))
  31. return sg_list[:]
  32. def create_namespace_sg(self, namespace, project_id, crd_spec):
  33. LOG.debug("Security group driver does not create SGs for the "
  34. "namespaces.")
  35. return {}
  36. def delete_sg(self, sg_id):
  37. LOG.debug("Security group driver does not implement deleting "
  38. "SGs.")
  39. def create_sg_rules(self, pod):
  40. LOG.debug("Security group driver does not create SG rules for "
  41. "the pods.")
  42. def delete_sg_rules(self, pod):
  43. LOG.debug("Security group driver does not delete SG rules for "
  44. "the pods.")
  45. def update_sg_rules(self, pod):
  46. LOG.debug("Security group driver does not update SG rules for "
  47. "the pods.")
  48. def delete_namespace_sg_rules(self, namespace):
  49. LOG.debug("Security group driver does not delete SG rules for "
  50. "namespace.")
  51. def create_namespace_sg_rules(self, namespace):
  52. LOG.debug("Security group driver does not create SG rules for "
  53. "namespace.")
  54. def update_namespace_sg_rules(self, namespace):
  55. LOG.debug("Security group driver does not update SG rules for "
  56. "namespace.")
  57. class DefaultServiceSecurityGroupsDriver(base.ServiceSecurityGroupsDriver):
  58. """Provides security groups for Service based on a configuration option."""
  59. def get_security_groups(self, service, project_id):
  60. # NOTE(ivc): use the same option as DefaultPodSecurityGroupsDriver
  61. sg_list = config.CONF.neutron_defaults.pod_security_groups
  62. if not sg_list:
  63. # NOTE(ivc): this option is only required for
  64. # Default{Pod,Service}SecurityGroupsDriver and its subclasses,
  65. # but it may be optional for other drivers (e.g. when each
  66. # namespace has own set of security groups)
  67. raise cfg.RequiredOptError('pod_security_groups',
  68. cfg.OptGroup('neutron_defaults'))
  69. return sg_list[:]